Debian 11 to use nftables and firewalld by default

Arturo Borrero, a Debian developer who is a member of the Netfilter Project Coreteam and maintains the Debian packages related to nftables, iptables and netfilter, has proposed moving the next major release, Debian 11, to nftables by default. If the proposal is approved, the iptables packages will be relegated to the category of optional packages that are not part of the base installation.

The nftables packet filter is notable for unifying the packet filtering interfaces for IPv4, IPv6, ARP and network bridges. At the kernel level, nftables provides only a generic, protocol-independent interface that supplies basic functions for extracting data from packets, performing operations on that data, and controlling flow. The filtering logic itself and the protocol-specific handlers are compiled into bytecode in user space; this bytecode is then loaded into the kernel over the Netlink interface and executed in a special virtual machine reminiscent of BPF (Berkeley Packet Filters).

By default, Debian 11 will also offer the dynamic firewall firewalld, designed as a wrapper on top of nftables. Firewalld runs as a background process that lets you change packet filter rules dynamically over DBus, without reloading the packet filter rules or breaking established connections. The firewall is managed with the firewall-cmd utility, which builds rules not from IP addresses, network interfaces and port numbers but from service names (for example, to open access to SSH you run "firewall-cmd --add-service=ssh", and to close SSH, "firewall-cmd --remove-service=ssh").
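As an added illustration (not part of the original article, and not Debian's or firewalld's own configuration): a minimal nftables ruleset in the `inet` family, where one table filters IPv4 and IPv6 together and a single rule opens SSH, the same access that `firewall-cmd --add-service=ssh` grants. The table name `example_filter` is an assumption chosen for this example.

```nftables
#!/usr/sbin/nft -f
# Added example. The table name "example_filter" is hypothetical.

# Create-then-delete makes the file safe to load repeatedly without
# touching tables owned by other tools (such as firewalld's own table).
table inet example_filter
delete table inet example_filter

# "inet" covers IPv4 and IPv6 in one table; with iptables this needed
# separate iptables and ip6tables rule sets.
table inet example_filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # Replies to connections this host opened, and loopback traffic.
        ct state established,related accept
        ct state invalid drop
        iif "lo" accept

        # ICMP differs per protocol, so these two rules are family-specific.
        # IPv6 neighbour discovery must pass or IPv6 connectivity breaks.
        icmp type echo-request accept
        icmpv6 type { echo-request, nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept

        # One rule opens SSH for both IPv4 and IPv6 clients.
        tcp dport 22 accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

`nft -c -f <file>` checks the syntax without applying anything. On a host where firewalld is active, manage rules through firewall-cmd rather than loading a second table like this one, because a packet dropped by any table on a hook stays dropped even if another table accepts it.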

Source: opennet.ru
